HIPAA Privacy and Security Rules
GPTKB entity
Statements (50)
| Predicate | Object |
|---|---|
| gptkbp:instanceOf |
gptkb:United_States_federal_law
|
| gptkbp:appliesTo |
health plans
business associates covered entities health care clearinghouses electronic, paper, and oral PHI health care providers who transmit health information electronically |
| gptkbp:codifiedIn |
gptkb:45_CFR_Part_160
45 CFR Part 164 |
| gptkbp:enforcedBy |
gptkb:Office_for_Civil_Rights
gptkb:U.S._Department_of_Health_and_Human_Services |
| gptkbp:excludes |
education records covered by FERPA
certain employment records |
| https://www.w3.org/2000/01/rdf-schema#label |
HIPAA Privacy and Security Rules
|
| gptkbp:partOf |
gptkb:Health_Insurance_Portability_and_Accountability_Act
|
| gptkbp:penaltiesForNoncompliance |
criminal penalties
civil penalties |
| gptkbp:Privacy_Rule |
establishes standards for use and disclosure of PHI
|
| gptkbp:protectedBy |
protected health information
|
| gptkbp:purpose |
protect privacy of individuals' health information
ensure security of electronic health information |
| gptkbp:relatedTo |
gptkb:Breach_Notification_Rule
gptkb:HITECH_Act |
| gptkbp:requires |
risk analysis
workforce training contingency planning notice of privacy practices encryption and decryption unique user identification administrative safeguards physical safeguards technical safeguards business associate agreements transmission security audit controls minimum necessary standard security incident procedures accounting of disclosures device and media controls emergency access procedures facility access controls integrity controls patient rights to access and amend PHI person or entity authentication |
| gptkbp:Security_Rule |
establishes standards for electronic PHI
|
| gptkbp:Security_Rule_effectiveDate |
April 21, 2005
|
| gptkbp:startDate |
April 14, 2003
|
| gptkbp:subject |
state privacy laws if more stringent
|
| gptkbp:bfsParent |
gptkb:45_CFR_§§_164.400-414
|
| gptkbp:bfsLayer |
7
|